2 files changed, 242 insertions, 0 deletions

diff --git a/manifests/defines/vhost_varieties.pp b/manifests/defines/vhost_varieties.pp
index d05c6ed..c4223be 100644
--- a/manifests/defines/vhost_varieties.pp
+++ b/manifests/defines/vhost_varieties.pp
@@ -6,6 +6,7 @@
 # - apache::vhost::php
 # - apache::vhost::joomla
 # - apache::vhost::wordpress
+# - apache::vhost::simplemachine
 # - apache::vhost::cgi TODO
 # - apache::vhost::modperl TODO
 # - apache::vhost::modpython TODO
@@ -414,6 +415,126 @@ define apache::vhost::php::wordpress(
     }
 }
 
+# run_mode:
+#   - normal: nothing special (*default*)
+#   - itk: apache is running with the itk module
+#          and run_uid and run_gid are used as vhost users
+# run_uid: the uid the vhost should run as with the itk module
+# run_gid: the gid the vhost should run as with the itk module
+define apache::vhost::php::simplemachine(
+    $ensure = present,
+    $domain = 'absent',
+    $domainalias = 'absent',
+    $path = 'absent',
+    $owner = root,
+    $group = 0,
+    $documentroot_owner = apache,
+    $documentroot_group = 0,
+    $documentroot_mode = 0750,
+    $run_mode = 'normal',
+    $run_uid = 'absent',
+    $run_gid = 'absent',
+    $allow_override = 'None',
+    $php_upload_tmp_dir = 'absent',
+    $php_session_save_path = 'absent',
+    $do_includes = false,
+    $options = 'absent',
+    $additional_options = 'absent',
+    $default_charset = 'absent',
+    $mod_security = true,
+    $ssl_mode = false,
+    $vhost_mode = 'template',
+    $vhost_source = 'absent',
+    $vhost_destination = 'absent',
+    $htpasswd_file = 'absent',
+    $htpasswd_path = 'absent',
+    $manage_config = true,
+    $config_webwriteable = false,
+    $manage_directories = true
+){
+    apache::vhost::phpdirs{"${name}":
+        ensure => $ensure,
+        php_upload_tmp_dir => $php_upload_tmp_dir,
+        php_session_save_path => $php_session_save_path,
+        documentroot_owner => $documentroot_owner,
+        documentroot_group => $documentroot_group,
+        documentroot_mode => $documentroot_mode,
+        run_mode => $run_mode,
+        run_uid => $run_uid,
+    }
+
+    $real_path = $path ? {
+        'absent' => $operatingsystem ? {
+            openbsd => "/var/www/htdocs/${name}",
+            default => "/var/www/vhosts/${name}"
+        },
+        default => "${path}"
+    }
+    $documentroot = "${real_path}/www"
+
+    # create and/or put correct permissions
+    apache::vhost::webdir{$name:
+        ensure => $ensure,
+        path => $real_path,
+        owner => $owner,
+        group => $group,
+        documentroot_owner => $documentroot_owner,
+        documentroot_group => $documentroot_group,
+        documentroot_mode => $documentroot_mode,
+    }
+
+    if ($ensure != 'absent') and $manage_directories {
+        apache::file::rw{ "$documentroot/attachements":
+            owner => $documentroot_owner,
+            group => $documentroot_group,
+        }
+    }
+
+    # create vhost configuration file
+    apache::vhost{$name:
+        ensure => $ensure,
+        path => $path,
+        template_mode => 'php_simplemachine',
+        vhost_mode => $vhost_mode,
+        vhost_source => $vhost_source,
+        vhost_destination => $vhost_destination,
+        domain => $domain,
+        domainalias => $domainalias,
+        run_mode => $run_mode,
+        run_uid => $run_uid,
+        run_gid => $run_gid,
+        allow_override => $allow_override,
+        do_includes => $do_includes,
+        options => $options,
+        additional_options => $additional_options,
+        default_charset => $default_charset,
+        php_upload_tmp_dir => $php_upload_tmp_dir,
+        php_session_save_path => $php_session_save_path,
+        ssl_mode => $ssl_mode,
+        htpasswd_file => $htpasswd_file,
+        htpasswd_path => $htpasswd_path,
+        mod_security => $mod_security,
+    }
+
+    if $manage_config {
+        apache::vhost::file::documentrootfile{"simplemachine_configurationfile_${name}":
+            documentroot => $documentroot,
+            filename => 'Settings.php',
+            thedomain => $name,
+            owner => $documentroot_owner,
+            group => $documentroot_group,
+        }
+        if $config_webwriteable {
+            Apache::Vhost::File::Documentrootfile["simplemachine_configurationfile_${name}"]{
+                mode => 0660,
+            }
+        } else {
+            Apache::Vhost::File::Documentrootfile["simplemachine_configurationfile_${name}"]{
+                mode => 0440,
+            }
+        }
+    }
+}
 
 # run_mode: 
 #   - normal: nothing special (*default*)
diff --git a/templates/vhosts/php_simplemachine/CentOS.erb b/templates/vhosts/php_simplemachine/CentOS.erb
new file mode 100644
index 0000000..ee07989
--- /dev/null
+++ b/templates/vhosts/php_simplemachine/CentOS.erb
@@ -0,0 +1,121 @@
+# <%= servername %>
+<VirtualHost *:80>
+    Include conf.d/defaults.inc
+
+    ServerName <%= servername %>
+    <%- unless serveralias.to_s.empty? then -%>
+    ServerAlias <%= serveralias %>
+    <%- end -%> 
+    DocumentRoot <%= documentroot %>/
+
+    ErrorLog <%= logdir %>/error_log
+    CustomLog <%= logdir %>/access_log combined
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Redirect permanent / https://<%= servername %>/
+    <%- end -%>
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+    <%- end -%>
+    <%- if run_mode.to_s == 'itk' -%>
+    <IfModule mpm_itk_module>
+        AssignUserId <%= run_uid+" "+run_gid %>
+    </IfModule>
+    <%- end -%>
+    <%- if not ssl_mode.to_s == 'force' then -%>
+    <Directory "<%= documentroot %>/">
+        AllowOverride <%= allow_override %>
+        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%> <%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%>+Includes<%- end -%>
+
+        <%- end -%>
+        <%- unless htpasswd_file.to_s == 'absent' then -%>
+        AuthType Basic
+        AuthName "Access fuer <%= servername %>"
+        AuthUserFile <%= real_htpasswd_path %>
+        require valid-user
+        <%- end -%>
+        php_admin_flag engine on
+        php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
+        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
+        php_admin_value session.save_path <%= real_php_session_save_path %>
+    </Directory>
+    <%- end -%>
+	
+    <IfModule mod_security2.c>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditLogType serial
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecDebugLog <%= logdir %>/mod_security_debug.log
+        <%- else -%>
+        SecRuleEngine Off
+        <%- end -%>
+    </IfModule>
+
+    <%- unless additional_options.to_s == 'absent' then -%>
+    <%= additional_options %>
+    <%- end -%>
+</VirtualHost>
+
+<%- unless ssl_mode.to_s == 'false'  then -%>
+<VirtualHost *:443>
+    Include conf.d/defaults.inc
+    Include conf.d/ssl_defaults.inc
+
+    ServerName <%= servername %>
+    <%- unless serveralias.to_s.empty? then -%>
+    ServerAlias <%= serveralias %>
+    <%- end -%> 
+    DocumentRoot <%= documentroot %>/
+
+    ErrorLog <%= logdir %>/error_log
+    CustomLog <%= logdir %>/access_log combined
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+    <%- end -%>
+    <%- if run_mode.to_s == 'itk' -%>
+    <IfModule mpm_itk_module>
+        AssignUserId <%= run_uid+" "+run_gid %>
+    </IfModule>
+    <%- end -%>
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Redirect permanent / https://<%= servername %>/
+    <%- end -%>
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+    <%- end -%>
+    <Directory "<%= documentroot %>/">
+        AllowOverride <%= allow_override %>
+        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%> <%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%>+Includes<%- end -%>
+
+        <%- end -%>
+        <%- unless htpasswd_file.to_s == 'absent' then -%>
+        AuthType Basic
+        AuthName "Access fuer <%= servername %>"
+        AuthUserFile <%= real_htpasswd_path %>
+        require valid-user
+        <%- end -%>
+        php_admin_flag engine on
+        php_admin_value open_basedir <%= documentroot %>:<%= real_php_upload_tmp_dir %>:<%= real_php_session_save_path %>
+        php_admin_value upload_tmp_dir <%= real_php_upload_tmp_dir %>
+        php_admin_value session.save_path <%= real_php_session_save_path %>
+    </Directory>
+
+    <IfModule mod_security2.c>
+        SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditLogType serial
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecDebugLog <%= logdir %>/mod_security_debug.log
+        <%- else -%>
+        SecRuleEngine Off
+        <%- end -%>
+    </IfModule>
+
+    <%- unless additional_options.to_s == 'absent' then -%>
+    <%= additional_options %>
+    <%- end -%>
+</VirtualHost>
+<%- end -%>